[ssh-agent.1]
clarify/state that private keys are not exposed to clients using the
agent; ok markus@
- markus@cvs.openbsd.org 2001/11/19 11:20:21
[sshd.c]
fd leak on HUP; ok stevesk@
- markus@cvs.openbsd.org 2001/11/19 11:20:21
[sshd.c]
fd leak on HUP; ok stevesk@
+ - stevesk@cvs.openbsd.org 2001/11/19 18:40:46
+ [ssh-agent.1]
+ clarify/state that private keys are not exposed to clients using the
+ agent; ok markus@
20011126
- (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
20011126
- (tim) [contrib/cygwin/README, openbsd-compat/bsd-cygwin_util.c,
-.\" $OpenBSD: ssh-agent.1,v 1.28 2001/09/05 06:23:07 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.29 2001/11/19 18:40:46 stevesk Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.Xr ssh 1
looks at these variables and uses them to establish a connection to the agent.
.Pp
.Xr ssh 1
looks at these variables and uses them to establish a connection to the agent.
.Pp
+The agent will never send a private key over its request channel.
+Instead, operations that require a private key will be performed
+by the agent, and the result will be returned to the requester.
+This way, private keys are not exposed to clients using the agent.
+.Pp
A unix-domain socket is created
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
and the name of this socket is stored in the
A unix-domain socket is created
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
and the name of this socket is stored in the